6191 matches found

RedhatCVE
added 2025/05/23 8:11 a.m., 3 views

CVE-2024-54311

Missing Authorization vulnerability in i.lychkov Mark New Posts mark-new-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mark New Posts: from n/a through <= 7.5.1...

5.4 CVSS | 7.2 AI score | 0.00476 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:9 a.m., 4 views

CVE-2024-12538

The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.5 via the 'dppduplicateasdraft' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

4.3 CVSS | 7.2 AI score | 0.00316 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:6 a.m., 9 views

CVE-2024-12071

The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletenetworkpost function in all versions up to, and including, 1.4.4. This makes it possible for...

5.3 CVSS | 6.9 AI score | 0.00432 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:4 a.m., 4 views

CVE-2024-51804

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobmatnyc Moka Get Posts Shortcode moka-get-posts allows DOM-Based XSS. This issue affects Moka Get Posts Shortcode: from n/a through <= 1.0...

6.5 CVSS | 7.2 AI score | 0.00374 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:4 a.m., 4 views

CVE-2024-51884

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Takashi Matsuyama Posts Search posts-search allows Stored XSS. This issue affects Posts Search: from n/a through <= 1.2.2...

6.5 CVSS | 7.2 AI score | 0.00331 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:3 a.m., 4 views

CVE-2024-51886

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Takashi Matsuyama Posts Filter posts-filter allows Stored XSS. This issue affects Posts Filter: from n/a through <= 1.3.1...

6.5 CVSS | 7.2 AI score | 0.00302 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 7:58 a.m., 5 views

CVE-2024-33643

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kailey Lampert Advanced Most Recent Posts Mod allows Stored XSS. This issue affects Advanced Most Recent Posts Mod: from n/a through 1.6.5.2...

5.9 CVSS | 5.2 AI score | 0.00319 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 7:51 a.m., 3 views

CVE-2024-11291

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...

5.3 CVSS | 6.9 AI score | 0.00457 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 7:47 a.m., 9 views

CVE-2024-46996

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue...

6.3 CVSS | 6 AI score | 0.00303 EPSS
Exploits: 0
RedhatCVE
added 2025/05/23 7:43 a.m., 5 views

CVE-2024-37951

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Noor alam Magical Posts Display – Elementor & Gutenberg Posts Blocks allows Stored XSS. This issue affects Magical Posts Display – Elementor & Gutenberg Posts Blocks: from n/a through 1.2.38...

6.5 CVSS | 6.8 AI score | 0.00239 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 7:35 a.m., 4 views

CVE-2024-13623

The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.24 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads...

5.9 CVSS | 5.6 AI score | 0.00432 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 7:26 a.m., 5 views

CVE-2024-0908

The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts function hooked via an AJAX action in all versions up to, and including, 1.13.4. This makes it possible...

5.3 CVSS | 5.8 AI score | 0.00516 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 7:23 a.m., 6 views

CVE-2024-2795

The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to extract limited information about password protected posts...

5.3 CVSS | 6.7 AI score | 0.00537 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 7:11 a.m., 10 views

CVE-2024-12825

The Custom Related Posts plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on three AJAX actions in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above...

5.4 CVSS | 6.5 AI score | 0.00244 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 7:2 a.m., 4 views

CVE-2024-11915

The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access...

4.3 CVSS | 6.5 AI score | 0.00292 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 6:56 a.m., 9 views

CVE-2024-11083

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

5.3 CVSS | 6.8 AI score | 0.00391 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 6:51 a.m., 6 views

CVE-2024-11106

The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

5.3 CVSS | 6.8 AI score | 0.00367 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 6:31 a.m., 5 views

CVE-2024-10802

The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hashelementsgetpoststitlebyid function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that...

5.3 CVSS | 6.7 AI score | 0.00614 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 6:22 a.m., 10 views

CVE-2024-54083

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side webapp and mobile DoS to users of particular channels, by sending a specially crafted post...

6.5 CVSS | 6.7 AI score | 0.00592 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 6:17 a.m., 4 views

CVE-2024-50464

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pierre Lebedel Kodex Posts likes kodex-posts-likes. This issue affects Kodex Posts likes: from n/a through <= 2.5.0...

6.5 CVSS | 5.9 AI score | 0.00251 EPSS
Exploits: 0 | References: 1